static int winfs_unlink(struct mount_point *mp, const char *pathname)
{
WCHAR wpathname[PATH_MAX];
int len = filename_to_nt_pathname(mp, pathname, wpathname, PATH_MAX);
if (len <= 0)
return -L_ENOENT;
UNICODE_STRING object_name;
RtlInitCountedUnicodeString(&object_name, wpathname, len * sizeof(WCHAR));
OBJECT_ATTRIBUTES attr;
attr.Length = sizeof(OBJECT_ATTRIBUTES);
attr.RootDirectory = NULL;
attr.ObjectName = &object_name;
attr.Attributes = 0;
attr.SecurityDescriptor = NULL;
attr.SecurityQualityOfService = NULL;
IO_STATUS_BLOCK status_block;
NTSTATUS status;
HANDLE handle;
status = NtOpenFile(&handle, DELETE, &attr, &status_block, FILE_SHARE_DELETE, FILE_NON_DIRECTORY_FILE | FILE_OPEN_FOR_BACKUP_INTENT);
if (!NT_SUCCESS(status))
{
if (status != STATUS_SHARING_VIOLATION)
{
log_warning("NtOpenFile() failed, status: %x", status);
return -L_ENOENT;
}
/* This file has open handles in some processes, even we set delete disposition flags
* The actual deletion of the file will be delayed to the last handle closing
* To make the file disappear from its parent directory immediately, we move the file
* to Windows recycle bin prior to deletion.
*/
status = NtOpenFile(&handle, DELETE, &attr, &status_block, FILE_SHARE_READ | FILE_SHARE_WRITE | FILE_SHARE_DELETE,
FILE_NON_DIRECTORY_FILE | FILE_OPEN_FOR_BACKUP_INTENT);
if (!NT_SUCCESS(status))
{
log_warning("NtOpenFile() failed, status: %x", status);
return -L_EBUSY;
}
status = move_to_recycle_bin(handle, wpathname);
if (!NT_SUCCESS(status))
return -L_EBUSY;
}
/* Set disposition flag */
FILE_DISPOSITION_INFORMATION info;
info.DeleteFile = TRUE;
status = NtSetInformationFile(handle, &status_block, &info, sizeof(info), FileDispositionInformation);
if (!NT_SUCCESS(status))
{
log_warning("NtSetInformation(FileDispositionInformation) failed, status: %x", status);
return -L_EBUSY;
}
NtClose(handle);
return 0;
}
DWORD GetFileAttributes2(POBJECT_ATTRIBUTES ObjectAttributes)
{
HANDLE hFile;
IO_STATUS_BLOCK IoStatusBlock;
auto Status = NtOpenFile(&hFile, FILE_READ_ATTRIBUTES | SYNCHRONIZE, ObjectAttributes, &IoStatusBlock, FILE_SHARE_VALID_FLAGS, FILE_OPEN_REPARSE_POINT | FILE_SYNCHRONOUS_IO_NONALERT | FILE_OPEN_FOR_BACKUP_INTENT);
if (Status)
{
goto Error;
}
FILE_BASIC_INFORMATION Info;
Status = NtQueryInformationFile(hFile, &IoStatusBlock, &Info, sizeof(Info), FileBasicInformation);
NtClose(hFile);
if (Status)
{
Error:
SetLastError(RtlNtStatusToDosError(Status));
return -1;
}
else
{
return Info.FileAttributes;
}
}
NTSTATUS __fastcall NtGetFileId(POBJECT_ATTRIBUTES ObjectAttributes, FILE_STANDARD_INFORMATION* pFileStandardInfo, FILE_INTERNAL_INFORMATION* pFileInternalInfo)
{
HANDLE hFile;
//OBJECT_ATTRIBUTES ObjectAttributes = { sizeof(OBJECT_ATTRIBUTES), hRootDir, (UNICODE_STRING*)&FileName, OBJ_CASE_INSENSITIVE };
IO_STATUS_BLOCK IoStatusBlock;
auto Status = NtOpenFile(&hFile, SYNCHRONIZE, ObjectAttributes, &IoStatusBlock, FILE_SHARE_VALID_FLAGS, FILE_OPEN_REPARSE_POINT | FILE_SYNCHRONOUS_IO_NONALERT | FILE_OPEN_FOR_BACKUP_INTENT);
if (Status)
return Status;
if (pFileStandardInfo)
{
if (Status = NtQueryInformationFile(hFile, &IoStatusBlock, pFileStandardInfo, sizeof(FILE_STANDARD_INFORMATION), FileStandardInformation))
{
goto End;
}
}
if (pFileInternalInfo)
{
if (Status = NtQueryInformationFile(hFile, &IoStatusBlock, pFileInternalInfo, sizeof(FILE_INTERNAL_INFORMATION), FileInternalInformation))
{
goto End;
}
}
End:
NtClose(hFile);
return Status;
}
bool CIoSupport::PartitionExists(int nPartition)
{
#ifdef _XBOX
char szPartition[32];
ANSI_STRING part_string;
NTSTATUS status;
HANDLE hTemp;
OBJECT_ATTRIBUTES oa;
IO_STATUS_BLOCK iosb;
sprintf(szPartition, "\\Device\\Harddisk0\\Partition%u", nPartition);
RtlInitAnsiString(&part_string, szPartition);
oa.Attributes = OBJ_CASE_INSENSITIVE;
oa.ObjectName = &part_string;
oa.RootDirectory = 0;
status = NtOpenFile(&hTemp, GENERIC_READ | GENERIC_WRITE, &oa, &iosb, FILE_SHARE_READ | FILE_SHARE_WRITE, FILE_SYNCHRONOUS_IO_ALERT);
if (NT_SUCCESS(status))
{
CloseHandle(hTemp);
return true;
}
return false;
#else
return false;
#endif
}
BOOLEAN
DoesFileExist(
IN HANDLE RootDirectory OPTIONAL,
IN PCWSTR PathNameToFile)
{
NTSTATUS Status;
UNICODE_STRING FileName;
HANDLE FileHandle;
OBJECT_ATTRIBUTES ObjectAttributes;
IO_STATUS_BLOCK IoStatusBlock;
RtlInitUnicodeString(&FileName, PathNameToFile);
InitializeObjectAttributes(&ObjectAttributes,
&FileName,
OBJ_CASE_INSENSITIVE,
RootDirectory,
NULL);
Status = NtOpenFile(&FileHandle,
FILE_GENERIC_READ, // Contains SYNCHRONIZE
&ObjectAttributes,
&IoStatusBlock,
FILE_SHARE_READ | FILE_SHARE_WRITE,
FILE_SYNCHRONOUS_IO_NONALERT | FILE_NON_DIRECTORY_FILE);
if (NT_SUCCESS(Status))
NtClose(FileHandle);
else
DPRINT("Failed to open file '%wZ', Status 0x%08lx\n", &FileName, Status);
return NT_SUCCESS(Status);
}
void fs_open(PUNICODE_STRING DriveRoot,int rw)
{
OBJECT_ATTRIBUTES ObjectAttributes;
IO_STATUS_BLOCK Iosb;
NTSTATUS Status;
InitializeObjectAttributes(&ObjectAttributes,
DriveRoot,
0,
NULL,
NULL);
Status = NtOpenFile(&fd,
FILE_GENERIC_READ | (rw ? FILE_GENERIC_WRITE : 0),
&ObjectAttributes,
&Iosb,
rw ? 0 : FILE_SHARE_READ,
FILE_SYNCHRONOUS_IO_ALERT);
if (!NT_SUCCESS(Status))
{
DPRINT1("NtOpenFile() failed with status 0x%.08x\n", Status);
return;
}
// If rw is specified, then the volume should be exclusively locked
if (rw) fs_lock(TRUE);
// Query geometry and partition info, to have bytes per sector, etc
CurrentOffset.QuadPart = 0LL;
changes = last = NULL;
did_change = 0;
}
static BOOLEAN
IsValidNTOSInstallation_UStr(
IN PUNICODE_STRING SystemRootPath)
{
NTSTATUS Status;
OBJECT_ATTRIBUTES ObjectAttributes;
IO_STATUS_BLOCK IoStatusBlock;
HANDLE SystemRootDirectory;
BOOLEAN Success;
/* Open SystemRootPath */
InitializeObjectAttributes(&ObjectAttributes,
SystemRootPath,
OBJ_CASE_INSENSITIVE,
NULL,
NULL);
Status = NtOpenFile(&SystemRootDirectory,
FILE_LIST_DIRECTORY | SYNCHRONIZE,
&ObjectAttributes,
&IoStatusBlock,
FILE_SHARE_READ | FILE_SHARE_WRITE,
FILE_SYNCHRONOUS_IO_NONALERT | FILE_DIRECTORY_FILE);
if (!NT_SUCCESS(Status))
{
DPRINT1("Failed to open SystemRoot '%wZ', Status 0x%08lx\n", SystemRootPath, Status);
return FALSE;
}
Success = IsValidNTOSInstallationByHandle(SystemRootDirectory);
/* Done! */
NtClose(SystemRootDirectory);
return Success;
}
static
BOOLEAN
DoesPathExist(
PWSTR PathName)
{
OBJECT_ATTRIBUTES ObjectAttributes;
IO_STATUS_BLOCK IoStatusBlock;
UNICODE_STRING Name;
HANDLE FileHandle;
NTSTATUS Status;
RtlInitUnicodeString(&Name,
PathName);
InitializeObjectAttributes(&ObjectAttributes,
&Name,
OBJ_CASE_INSENSITIVE,
NULL,
NULL);
Status = NtOpenFile(&FileHandle,
GENERIC_READ | SYNCHRONIZE,
&ObjectAttributes,
&IoStatusBlock,
0,
FILE_SYNCHRONOUS_IO_NONALERT);
if (!NT_SUCCESS(Status))
{
return FALSE;
}
NtClose(FileHandle);
return TRUE;
}
static DWORD NtOpenObject(OBJECT_TYPE type, PHANDLE phandle, DWORD access, LPCWSTR path)
{
UNICODE_STRING ustr;
RtlInitUnicodeString(&ustr, path);
OBJECT_ATTRIBUTES open_struct = { sizeof(OBJECT_ATTRIBUTES), 0x00, &ustr, 0x40 };
if (type != FILE_OBJECT)
access |= STANDARD_RIGHTS_READ;
IO_STATUS_BLOCK ioStatusBlock;
switch (type)
{
case DIRECTORY_OBJECT: return NtOpenDirectoryObject(phandle, access, &open_struct);
case SYMBOLICLINK_OBJECT: return NtOpenSymbolicLinkObject(phandle, access, &open_struct);
case MUTANT_OBJECT: return NtOpenMutant(phandle, access, &open_struct);
case SECTION_OBJECT: return NtOpenSection(phandle, access, &open_struct);
case EVENT_OBJECT: return NtOpenEvent(phandle, access, &open_struct);
case SEMAPHORE_OBJECT: return NtOpenSemaphore(phandle, access, &open_struct);
case TIMER_OBJECT: return NtOpenTimer(phandle, access, &open_struct);
case KEY_OBJECT: return NtOpenKey(phandle, access, &open_struct);
case EVENTPAIR_OBJECT: return NtOpenEventPair(phandle, access, &open_struct);
case IOCOMPLETION_OBJECT: return NtOpenIoCompletion(phandle, access, &open_struct);
case FILE_OBJECT: return NtOpenFile(phandle, access, &open_struct, &ioStatusBlock, FILE_SHARE_READ | FILE_SHARE_WRITE | FILE_SHARE_DELETE, 0);
default:
return ERROR_INVALID_FUNCTION;
}
}
unsigned int CIoSupport::ReadPartitionTable(PARTITION_TABLE *p_table)
{
#ifdef _XBOX
ANSI_STRING a_file;
OBJECT_ATTRIBUTES obj_attr;
IO_STATUS_BLOCK io_stat_block;
HANDLE handle;
unsigned int stat;
unsigned int ioctl_cmd_in_buf[100];
unsigned int ioctl_cmd_out_buf[100];
unsigned int partition_table_addr;
memset(p_table, 0, sizeof(PARTITION_TABLE));
RtlInitAnsiString(&a_file, "\\Device\\Harddisk0\\partition0");
obj_attr.RootDirectory = 0;
obj_attr.ObjectName = &a_file;
obj_attr.Attributes = OBJ_CASE_INSENSITIVE;
stat = NtOpenFile(&handle, (GENERIC_READ | 0x00100000), &obj_attr, &io_stat_block, (FILE_SHARE_READ | FILE_SHARE_WRITE), 0x10);
if (stat != STATUS_SUCCESS)
{
return stat;
}
memset(ioctl_cmd_out_buf, 0, sizeof(ioctl_cmd_out_buf));
memset(ioctl_cmd_in_buf, 0, sizeof(ioctl_cmd_in_buf));
ioctl_cmd_in_buf[0] = IOCTL_SUBCMD_GET_INFO;
stat = NtDeviceIoControlFile(handle, 0, 0, 0, &io_stat_block,
IOCTL_CMD_LBA48_ACCESS,
ioctl_cmd_in_buf, sizeof(ioctl_cmd_in_buf),
ioctl_cmd_out_buf, sizeof(ioctl_cmd_out_buf));
NtClose(handle);
if (stat != STATUS_SUCCESS)
{
return stat;
}
if ((ioctl_cmd_out_buf[LBA48_GET_INFO_MAGIC1_IDX] != LBA48_GET_INFO_MAGIC1_VAL) ||
(ioctl_cmd_out_buf[LBA48_GET_INFO_MAGIC2_IDX] != LBA48_GET_INFO_MAGIC2_VAL))
{
return STATUS_UNSUCCESSFUL;
}
partition_table_addr = ioctl_cmd_out_buf[LBA48_GET_INFO_LOWCODE_BASE_IDX];
partition_table_addr += ioctl_cmd_out_buf[LBA48_GET_INFO_PART_TABLE_OFS_IDX];
memcpy(p_table, (void *)partition_table_addr, sizeof(PARTITION_TABLE));
return STATUS_SUCCESS;
#else
return (unsigned int) -1;
#endif
}
NTSTATUS NtDeleteFile2(POBJECT_ATTRIBUTES ObjectAttributes)
{
HANDLE hFile;
IO_STATUS_BLOCK IoStatusBlock;
auto Status = NtOpenFile(&hFile, SYNCHRONIZE | DELETE, ObjectAttributes, &IoStatusBlock, FILE_SHARE_DELETE | FILE_SHARE_READ, FILE_OPEN_REPARSE_POINT | FILE_OPEN_FOR_BACKUP_INTENT);
if (Status)
{
return Status;
}
FILE_DISPOSITION_INFORMATION Dispostion = { TRUE };
Status = NtSetInformationFile(hFile, &IoStatusBlock, &Dispostion, sizeof(Dispostion), FileDispositionInformation);
NtClose(hFile);
if (Status == 0)
return 0;
//使用文件取代法删除
auto cbData = ObjectAttributes->ObjectName->Length + sizeof(L"~$") - 2;
UNICODE_STRING TempFileName = { cbData,cbData, (wchar_t*)new byte[cbData] };
memcpy(TempFileName.Buffer, ObjectAttributes->ObjectName->Buffer, ObjectAttributes->ObjectName->Length);
*(wchar_t*)(((byte*)TempFileName.Buffer) + ObjectAttributes->ObjectName->Length) = L'~';
*(wchar_t*)(((byte*)TempFileName.Buffer) + ObjectAttributes->ObjectName->Length + 2) = L'$';
OBJECT_ATTRIBUTES ObjectAttributes2 = { sizeof(OBJECT_ATTRIBUTES),ObjectAttributes->RootDirectory, &TempFileName, OBJ_CASE_INSENSITIVE };
auto Status2 = NtCreateFile(&hFile, SYNCHRONIZE | DELETE, &ObjectAttributes2, &IoStatusBlock, 0, FILE_ATTRIBUTE_NORMAL, 0, FILE_CREATE, FILE_OPEN_FOR_BACKUP_INTENT | FILE_DELETE_ON_CLOSE, NULL, 0);
delete[](byte*)TempFileName.Buffer;
cbData = sizeof(FILE_RENAME_INFORMATION) + ObjectAttributes->ObjectName->Length;
FILE_RENAME_INFORMATION* pRenameInfo = (FILE_RENAME_INFORMATION*)new byte[cbData];
memcpy(pRenameInfo->FileName, ObjectAttributes->ObjectName->Buffer, ObjectAttributes->ObjectName->Length);
pRenameInfo->ReplaceIfExists = TRUE;
pRenameInfo->RootDirectory = ObjectAttributes->RootDirectory;
pRenameInfo->FileNameLength = ObjectAttributes->ObjectName->Length;
//FILE_RENAME_INFORMATION RenameInfo = {TRUE,hRootDir ,FileName.};
Status2 = NtSetInformationFile(hFile, &IoStatusBlock, pRenameInfo, cbData, FileRenameInformation);
delete[](byte*)pRenameInfo;
NtClose(hFile);
return Status2 == 0 ? 0 : Status;
}
NTSTATUS KphConnect(
_In_opt_ PWSTR DeviceName
)
{
NTSTATUS status;
HANDLE kphHandle;
UNICODE_STRING objectName;
OBJECT_ATTRIBUTES objectAttributes;
IO_STATUS_BLOCK isb;
OBJECT_HANDLE_FLAG_INFORMATION handleFlagInfo;
if (PhKphHandle)
return STATUS_ADDRESS_ALREADY_EXISTS;
if (DeviceName)
RtlInitUnicodeString(&objectName, DeviceName);
else
RtlInitUnicodeString(&objectName, KPH_DEVICE_NAME);
InitializeObjectAttributes(
&objectAttributes,
&objectName,
OBJ_CASE_INSENSITIVE,
NULL,
NULL
);
status = NtOpenFile(
&kphHandle,
FILE_GENERIC_READ | FILE_GENERIC_WRITE,
&objectAttributes,
&isb,
FILE_SHARE_READ | FILE_SHARE_WRITE,
FILE_NON_DIRECTORY_FILE
);
if (NT_SUCCESS(status))
{
// Protect the handle from being closed.
handleFlagInfo.Inherit = FALSE;
handleFlagInfo.ProtectFromClose = TRUE;
NtSetInformationObject(
kphHandle,
ObjectHandleFlagInformation,
&handleFlagInfo,
sizeof(OBJECT_HANDLE_FLAG_INFORMATION)
);
PhKphHandle = kphHandle;
}
return status;
}
BOOL
WINAPI
AllocConsole(VOID)
{
UNICODE_STRING ScreenName = RTL_CONSTANT_STRING(L"\\??\\BlueScreen");
UNICODE_STRING KeyboardName = RTL_CONSTANT_STRING(L"\\Device\\KeyboardClass0");
OBJECT_ATTRIBUTES ObjectAttributes;
IO_STATUS_BLOCK IoStatusBlock;
NTSTATUS Status;
/* Open the screen */
InitializeObjectAttributes(&ObjectAttributes,
&ScreenName,
0,
NULL,
NULL);
Status = NtOpenFile(&StdOutput,
FILE_ALL_ACCESS,
&ObjectAttributes,
&IoStatusBlock,
FILE_OPEN,
FILE_SYNCHRONOUS_IO_ALERT);
if (!NT_SUCCESS(Status))
return FALSE;
/* Open the keyboard */
InitializeObjectAttributes(&ObjectAttributes,
&KeyboardName,
0,
NULL,
NULL);
Status = NtOpenFile(&StdInput,
FILE_ALL_ACCESS,
&ObjectAttributes,
&IoStatusBlock,
FILE_OPEN,
0);
if (!NT_SUCCESS(Status))
return FALSE;
return TRUE;
}
static NTSTATUS
OpenDirectoryByHandleOrPath(
OUT PHANDLE RootPathHandle,
IN HANDLE RootDirectory OPTIONAL,
IN PUNICODE_STRING RootPath OPTIONAL)
{
NTSTATUS Status;
OBJECT_ATTRIBUTES ObjectAttributes;
IO_STATUS_BLOCK IoStatusBlock;
*RootPathHandle = NULL;
/*
* RootDirectory and RootPath cannot be either both NULL
* or both non-NULL, when being specified.
*/
if ((!RootDirectory && !RootPath) ||
( RootDirectory && RootPath))
{
return STATUS_INVALID_PARAMETER;
}
if (!RootDirectory && RootPath)
{
/* Open the root directory path */
InitializeObjectAttributes(&ObjectAttributes,
RootPath,
OBJ_CASE_INSENSITIVE,
NULL,
NULL);
Status = NtOpenFile(RootPathHandle,
// FILE_TRAVERSE is needed to be able to use the handle as RootDirectory for future InitializeObjectAttributes calls.
FILE_LIST_DIRECTORY | FILE_ADD_FILE /* | FILE_ADD_SUBDIRECTORY */ | FILE_TRAVERSE | SYNCHRONIZE,
&ObjectAttributes,
&IoStatusBlock,
FILE_SHARE_READ | FILE_SHARE_WRITE,
FILE_SYNCHRONOUS_IO_NONALERT | FILE_DIRECTORY_FILE /* | FILE_OPEN_FOR_BACKUP_INTENT */);
if (!NT_SUCCESS(Status))
{
DPRINT1("NtOpenFile(%wZ) failed, Status 0x%08lx\n", RootPath, Status);
return Status;
}
/* Mark the handle as being opened locally */
*RootPathHandle = (HANDLE)((ULONG_PTR)*RootPathHandle | 1);
}
else if (RootDirectory && !RootPath)
{
*RootPathHandle = RootDirectory;
}
// No other cases possible
return STATUS_SUCCESS;
}
NTSTATUS
NTAPI
SmpDeletePagingFile(IN PUNICODE_STRING FileName)
{
NTSTATUS Status;
OBJECT_ATTRIBUTES ObjectAttributes;
IO_STATUS_BLOCK IoStatusBlock;
HANDLE FileHandle;
FILE_DISPOSITION_INFORMATION Disposition;
/* Open the page file */
InitializeObjectAttributes(&ObjectAttributes,
FileName,
OBJ_CASE_INSENSITIVE,
NULL,
NULL);
Status = NtOpenFile(&FileHandle,
DELETE,
&ObjectAttributes,
&IoStatusBlock,
FILE_SHARE_DELETE | FILE_SHARE_READ | FILE_SHARE_WRITE,
FILE_NON_DIRECTORY_FILE);
if (NT_SUCCESS(Status))
{
/* Delete it */
Disposition.DeleteFile = TRUE;
Status = NtSetInformationFile(FileHandle,
&IoStatusBlock,
&Disposition,
sizeof(Disposition),
FileDispositionInformation);
if (!NT_SUCCESS(Status))
{
DPRINT1("SMSS:PFILE: Failed to delete page file `%wZ' (status %X)\n",
FileName, Status);
}
else
{
DPRINT1("SMSS:PFILE: Deleted stale paging file - %wZ\n", FileName);
}
/* Close the handle */
NtClose(FileHandle);
}
else
{
DPRINT1("SMSS:PFILE: Failed to open for deletion page file `%wZ' (status %X)\n",
FileName, Status);
}
/* All done */
return Status;
}
NTSTATUS
openfile (
IN PHANDLE filehandle,
IN PUCHAR BasePath,
IN PUCHAR Name
)
{
ANSI_STRING AscBasePath, AscName;
UNICODE_STRING UniPathName, UniName;
NTSTATUS status;
OBJECT_ATTRIBUTES ObjA;
IO_STATUS_BLOCK IOSB;
UCHAR StringBuf[500];
//
// Build name
//
UniPathName.Buffer = (PWCHAR)StringBuf;
UniPathName.Length = 0;
UniPathName.MaximumLength = sizeof( StringBuf );
RtlInitString(&AscBasePath, BasePath);
RtlAnsiStringToUnicodeString( &UniPathName, &AscBasePath, FALSE );
RtlInitString(&AscName, Name);
RtlAnsiStringToUnicodeString( &UniName, &AscName, TRUE );
RtlAppendUnicodeStringToString (&UniPathName, &UniName);
InitializeObjectAttributes(
&ObjA,
&UniPathName,
OBJ_CASE_INSENSITIVE,
0,
0 );
//
// open file
//
status = NtOpenFile (
filehandle, // return handle
SYNCHRONIZE | FILE_READ_DATA, // desired access
&ObjA, // Object
&IOSB, // io status block
FILE_SHARE_READ | FILE_SHARE_WRITE, // share access
FILE_SYNCHRONOUS_IO_ALERT // open options
);
RtlFreeUnicodeString (&UniName);
return status;
}
UINT64 GetDirectorySizeInternal(OBJECT_ATTRIBUTES ObjectAttributes)
{
HANDLE hFile;
//OBJECT_ATTRIBUTES ObjectAttributes = { sizeof(OBJECT_ATTRIBUTES), hRootDir, (UNICODE_STRING*)&FileName, OBJ_CASE_INSENSITIVE };
IO_STATUS_BLOCK IoStatusBlock;
auto Status = NtOpenFile(&hFile, SYNCHRONIZE | FILE_LIST_DIRECTORY, &ObjectAttributes, &IoStatusBlock, FILE_SHARE_VALID_FLAGS, FILE_DIRECTORY_FILE | FILE_SYNCHRONOUS_IO_NONALERT | FILE_OPEN_FOR_BACKUP_INTENT);
if (Status)
return 0;
UINT64 Space = 0;
byte Buffer[sizeof(FILE_FULL_DIR_INFORMATION) + 512];
FILE_FULL_DIR_INFORMATION & FileInfo = *(FILE_FULL_DIR_INFORMATION *)Buffer;
UNICODE_STRING TempFileName = { 0,0,FileInfo.FileName };
ObjectAttributes.RootDirectory = hFile;
ObjectAttributes.ObjectName = &TempFileName;
while (ZwQueryDirectoryFile(hFile, NULL, NULL, NULL, &IoStatusBlock, Buffer, sizeof(Buffer), FileFullDirectoryInformation, -1, NULL, 0) == ERROR_SUCCESS)
{
if (FileInfo.FileAttributes&FILE_ATTRIBUTE_DIRECTORY)
{
if (FileInfo.FileAttributes&FILE_ATTRIBUTE_REPARSE_POINT)
{
if (IsReparseTagNameSurrogate(FileInfo.EaSize))
continue;
}
else
{
if (IsDots(FileInfo.FileName, FileInfo.FileNameLength))
continue;
}
TempFileName.Length = TempFileName.MaximumLength = FileInfo.FileNameLength;
Space += GetDirectorySizeInternal(ObjectAttributes);
}
else
{
Space += FileInfo.AllocationSize.QuadPart;
}
}
NtClose(hFile);
return Space;
}
/*
* SfuCreateFileMappingNoExec
*
* Purpose:
*
* Map file as non executable image.
*
*/
PVOID SfuCreateFileMappingNoExec(
_In_ LPWSTR lpFileName
)
{
BOOL cond = FALSE;
NTSTATUS status;
UNICODE_STRING usFileName;
HANDLE hFile = NULL, hSection = NULL;
OBJECT_ATTRIBUTES obja;
IO_STATUS_BLOCK iost;
SIZE_T ViewSize = 0;
PVOID Data = NULL;
RtlSecureZeroMemory(&usFileName, sizeof(usFileName));
do {
if (RtlDosPathNameToNtPathName_U(lpFileName, &usFileName, NULL, NULL) == FALSE)
break;
InitializeObjectAttributes(&obja, &usFileName, OBJ_CASE_INSENSITIVE, NULL, NULL);
status = NtOpenFile(&hFile, FILE_READ_ACCESS | SYNCHRONIZE,
&obja, &iost, FILE_SHARE_READ,
FILE_NON_DIRECTORY_FILE | FILE_SYNCHRONOUS_IO_NONALERT);
if (!NT_SUCCESS(status))
break;
status = NtCreateSection(&hSection, SECTION_ALL_ACCESS, NULL,
NULL, PAGE_READONLY, SEC_IMAGE_NO_EXECUTE, hFile);
if (!NT_SUCCESS(status))
break;
status = NtMapViewOfSection(hSection, NtCurrentProcess(),
(PVOID)&Data, 0, 0, NULL, &ViewSize, ViewUnmap, 0, PAGE_READONLY);
if (!NT_SUCCESS(status))
break;
} while (cond);
if (hFile != NULL) {
NtClose(hFile);
}
if (hSection != NULL) {
NtClose(hSection);
}
if (usFileName.Buffer != NULL) {
RtlFreeUnicodeString(&usFileName);
}
return Data;
}
FilePathType GetFileType(LPCWSTR FilePath)
{
if(StrEmpty(FilePath))
return FilePathType::PathNotExist;
UNICODE_STRING usFileFile;
if (!RtlDosPathNameToNtPathName_U(FilePath, &usFileFile, NULL, NULL))
{
return FilePathType::PathNotExist;
}
IO_STATUS_BLOCK IoStatusBlock;
OBJECT_ATTRIBUTES ObjectAttributes = { sizeof(OBJECT_ATTRIBUTES), NULL, &usFileFile, OBJ_CASE_INSENSITIVE };
HANDLE hFile;
auto hr = NtOpenFile(&hFile, SYNCHRONIZE, &ObjectAttributes, &IoStatusBlock, FILE_SHARE_VALID_FLAGS, FILE_SYNCHRONOUS_IO_NONALERT | FILE_DIRECTORY_FILE | FILE_OPEN_FOR_BACKUP_INTENT);
RtlFreeUnicodeString(&usFileFile);
switch (hr)
{
case 0xC0000103:
//目录无效,说明是个文件
return FilePathType::PathIsFile;
#ifdef DEBUG
case 0xc000003a:
//系统找不到指定的路径
case 0xc0000013:
//设备未就绪。
case 0xc0000034:
//系统找不到指定的文件
case 0xc0000240:
//请求被终止
return FilePathType::PathNotExist;
#endif
case 0:
//成功打开
NtClose(hFile);
return FilePathType::PathIsDir;
default:
#ifdef DEBUG
//assert(0);
SetLastError(RtlNtStatusToDosError(hr));
#endif
return FilePathType::PathNotExist;
break;
}
}
BOOLEAN
OpenFile(
PSZ DriveNumber,
PHANDLE Handle
)
{
OBJECT_ATTRIBUTES oa;
STRING ntDriveName;
UNICODE_STRING uniDriveName;
IO_STATUS_BLOCK ioStatusBlock;
int charsInName;
char driveName[50];
NTSTATUS nts;
sprintf(driveName, "\\Device\\Harddisk%s\\Partition0", DriveNumber);
charsInName = strlen(driveName);
ntDriveName.Length = (USHORT)charsInName;
ntDriveName.MaximumLength = (USHORT)charsInName;
ntDriveName.Buffer = driveName;
printf( "NT drive name = %s\n", ntDriveName.Buffer );
RtlAnsiStringToUnicodeString(&uniDriveName, &ntDriveName, TRUE);
memset(&oa, 0, sizeof(OBJECT_ATTRIBUTES));
oa.Length = sizeof(OBJECT_ATTRIBUTES);
oa.ObjectName = &uniDriveName;
oa.Attributes = OBJ_CASE_INSENSITIVE;
if (!NT_SUCCESS(nts = NtOpenFile(Handle,
SYNCHRONIZE | FILE_READ_DATA | FILE_WRITE_DATA,
&oa,
&ioStatusBlock,
FILE_SHARE_READ | FILE_SHARE_WRITE,
FILE_SYNCHRONOUS_IO_ALERT))) {
printf("NtOpenFile status %x\n", nts);
return FALSE;
}
RtlFreeUnicodeString(&uniDriveName);
return TRUE;
}
int NumberOfLinks(char *FileName)
{
FILE_STANDARD_INFORMATION FileInfo;
WCHAR FileNameBuf[MAX_PATH + 50];
HANDLE FileHandle;
NTSTATUS Status;
IO_STATUS_BLOCK Iosb;
OBJECT_ATTRIBUTES Obj;
UNICODE_STRING uPrelimFileName,
uFileName;
RtlCreateUnicodeStringFromAsciiz(&uPrelimFileName, FileName);
lstrcpy(FileNameBuf, L"\\DosDevices\\");
lstrcat(FileNameBuf, uPrelimFileName.Buffer);
RtlInitUnicodeString(&uFileName, FileNameBuf);
InitializeObjectAttributes(&Obj, &uFileName, OBJ_CASE_INSENSITIVE, NULL, NULL);
Status = NtOpenFile(&FileHandle, SYNCHRONIZE, &Obj, &Iosb,
SHARE_ALL, FILE_NON_DIRECTORY_FILE | FILE_SYNCHRONOUS_IO_NONALERT);
if (!NT_SUCCESS(Status)) {
SetLastError(RtlNtStatusToDosError(Status));
return 0;
}
Status = NtQueryInformationFile(FileHandle, &Iosb, &FileInfo,
sizeof(FileInfo), FileStandardInformation);
NtClose(FileHandle);
if (!NT_SUCCESS(Status)) {
SetLastError(RtlNtStatusToDosError(Status));
return 0;
}
return FileInfo.NumberOfLinks;
}
/****************************************************************************
* FindFirstChangeNotificationW (KERNEL32.@)
*/
HANDLE WINAPI FindFirstChangeNotificationW( LPCWSTR lpPathName, BOOL bWatchSubtree,
DWORD dwNotifyFilter)
{
UNICODE_STRING nt_name;
OBJECT_ATTRIBUTES attr;
NTSTATUS status;
HANDLE handle = INVALID_HANDLE_VALUE;
TRACE( "%s %d %x\n", debugstr_w(lpPathName), bWatchSubtree, dwNotifyFilter );
if (!RtlDosPathNameToNtPathName_U( lpPathName, &nt_name, NULL, NULL ))
{
SetLastError( ERROR_PATH_NOT_FOUND );
return handle;
}
attr.Length = sizeof(attr);
attr.RootDirectory = 0;
attr.Attributes = OBJ_CASE_INSENSITIVE;
attr.ObjectName = &nt_name;
attr.SecurityDescriptor = NULL;
attr.SecurityQualityOfService = NULL;
status = NtOpenFile( &handle, FILE_LIST_DIRECTORY | SYNCHRONIZE,
&attr, &FindFirstChange_iosb,
FILE_SHARE_READ | FILE_SHARE_WRITE | FILE_SHARE_DELETE,
FILE_DIRECTORY_FILE | FILE_SYNCHRONOUS_IO_NONALERT );
RtlFreeUnicodeString( &nt_name );
if (status != STATUS_SUCCESS)
{
SetLastError( RtlNtStatusToDosError(status) );
return INVALID_HANDLE_VALUE;
}
status = NtNotifyChangeDirectoryFile( handle, NULL, NULL, NULL,
&FindFirstChange_iosb,
NULL, 0, dwNotifyFilter, bWatchSubtree );
if (status != STATUS_PENDING)
{
NtClose( handle );
SetLastError( RtlNtStatusToDosError(status) );
return INVALID_HANDLE_VALUE;
}
return handle;
}
NTSTATUS WINAPI SafeNtOpenFile(
PHANDLE FileHandle,
ACCESS_MASK DesiredAccess,
POBJECT_ATTRIBUTES ObjectAttributes,
PIO_STATUS_BLOCK IoStatusBlock,
ULONG ShareAccess,
ULONG OpenOptions
)
{
NTSTATUS rc;
if (CheckOldFunction(&OldNtOpenFile))
rc=OldNtOpenFile(FileHandle,DesiredAccess,ObjectAttributes,IoStatusBlock,ShareAccess,OpenOptions);
else
rc=NtOpenFile(FileHandle,DesiredAccess,ObjectAttributes,IoStatusBlock,ShareAccess,OpenOptions);
return rc;
}
void test_file_open( void )
{
WCHAR ntdll[] = L"\\??\\c:\\winnt\\system32\\NTDLL.DLL";
UNICODE_STRING path;
OBJECT_ATTRIBUTES oa;
HANDLE file;
IO_STATUS_BLOCK iosb;
NTSTATUS r;
init_us(&path, ntdll);
oa.Length = sizeof oa;
oa.RootDirectory = 0;
oa.ObjectName = &path;
oa.Attributes = 0;
oa.SecurityDescriptor = 0;
oa.SecurityQualityOfService = 0;
r = NtOpenFile( &file, GENERIC_READ, NULL, NULL, FILE_SHARE_READ, 0 );
ok( r == STATUS_ACCESS_VIOLATION, "failed to open file %08lx\n", r);
r = NtOpenFile( &file, GENERIC_READ, &oa, NULL, FILE_SHARE_READ, 0 );
ok( r == STATUS_ACCESS_VIOLATION, "failed to open file %08lx\n", r);
r = NtOpenFile( NULL, GENERIC_READ, &oa, &iosb, FILE_SHARE_READ, 0 );
ok( r == STATUS_ACCESS_VIOLATION, "failed to open file %08lx\n", r);
r = NtOpenFile( &file, GENERIC_READ, &oa, &iosb, FILE_SHARE_READ, 0 );
ok( r == STATUS_OBJECT_PATH_NOT_FOUND, "failed to open file %08lx\n", r);
oa.Attributes = OBJ_CASE_INSENSITIVE;
r = NtOpenFile( &file, GENERIC_READ, &oa, NULL, 0, 0 );
ok( r == STATUS_ACCESS_VIOLATION, "failed to open file %08lx\n", r);
r = NtOpenFile( &file, GENERIC_READ, &oa, &iosb, FILE_SHARE_READ, 0 );
ok( r == STATUS_SUCCESS, "failed to open file %08lx\n", r);
r = NtClose( file );
ok( r == STATUS_SUCCESS, "failed to close handle %08lx\n", r);
r = NtOpenFile( &file, 0, &oa, &iosb, FILE_SHARE_READ, 0 );
ok( r == STATUS_SUCCESS, "failed to open file %08lx\n", r);
r = NtClose( file );
ok( r == STATUS_SUCCESS, "failed to close handle %08lx\n", r);
}
NTSTATUS query_one(POBJECT_ATTRIBUTES oa, PWSTR mask_str, BYTE *buffer, ULONG len, PIO_STATUS_BLOCK iosb)
{
UNICODE_STRING mask;
HANDLE dir = 0;
NTSTATUS r;
init_us(&mask, mask_str);
r = NtOpenFile( &dir, GENERIC_READ | FILE_LIST_DIRECTORY, oa, iosb,
FILE_SHARE_READ, FILE_DIRECTORY_FILE );
if( r != STATUS_SUCCESS)
return r;
r = NtQueryDirectoryFile( dir, 0, 0, 0, iosb, buffer, len, FileBothDirectoryInformation, TRUE, &mask, TRUE);
NtClose( dir );
return r;
}
void _CRTAPI1
main(
int argc,
char** argv
)
{
HANDLE h;
WCHAR driveName[30];
UNICODE_STRING string;
OBJECT_ATTRIBUTES oa;
NTSTATUS status;
IO_STATUS_BLOCK ioStatus;
if (argc != 2) {
printf("usage: %s drive1:\n", argv[0]);
return;
}
swprintf(driveName, L"\\DosDevices\\%hs", argv[1]);
string.Length = string.MaximumLength = wcslen(driveName)*sizeof(WCHAR);
string.Buffer = driveName;
InitializeObjectAttributes(&oa, &string, OBJ_CASE_INSENSITIVE, 0, 0);
status = NtOpenFile(&h,
SYNCHRONIZE | FILE_READ_DATA | FILE_WRITE_DATA,
&oa, &ioStatus,
FILE_SHARE_READ | FILE_SHARE_WRITE,
FILE_SYNCHRONOUS_IO_ALERT);
if (!NT_SUCCESS(status)) {
printf("Open of drive %s failed with %x\n", argv[1], status);
return;
}
status = DiskInitFtSet(h);
if (NT_SUCCESS(status)) {
printf("Initialize started.\n");
} else {
printf("Initialize failed with %x\n", status);
}
}
NTSTATUS
NTAPI
SmpGetPagingFileSize(IN PUNICODE_STRING FileName,
OUT PLARGE_INTEGER Size)
{
NTSTATUS Status;
OBJECT_ATTRIBUTES ObjectAttributes;
IO_STATUS_BLOCK IoStatusBlock;
HANDLE FileHandle;
FILE_STANDARD_INFORMATION StandardInfo;
DPRINT("SMSS:PFILE: Trying to get size for `%wZ'\n", FileName);
Size->QuadPart = 0;
InitializeObjectAttributes(&ObjectAttributes,
FileName,
OBJ_CASE_INSENSITIVE,
NULL,
NULL);
Status = NtOpenFile(&FileHandle,
FILE_READ_ATTRIBUTES | SYNCHRONIZE,
&ObjectAttributes,
&IoStatusBlock,
FILE_SHARE_READ | FILE_SHARE_WRITE,
FILE_SYNCHRONOUS_IO_NONALERT);
if (!NT_SUCCESS(Status)) return Status;
Status = NtQueryInformationFile(FileHandle,
&IoStatusBlock,
&StandardInfo,
sizeof(StandardInfo),
FileStandardInformation);
if (!NT_SUCCESS(Status))
{
DPRINT1("SMSS:PFILE: Failed query for size potential pagefile `%wZ' with status %X \n",
FileName, Status);
NtClose(FileHandle);
return Status;
}
NtClose(FileHandle);
Size->QuadPart = StandardInfo.AllocationSize.QuadPart;
return STATUS_SUCCESS;
}
BOOLEAN
DoesFileExist(
PWSTR PathName,
PWSTR FileName)
{
OBJECT_ATTRIBUTES ObjectAttributes;
IO_STATUS_BLOCK IoStatusBlock;
UNICODE_STRING Name;
WCHAR FullName[MAX_PATH];
HANDLE FileHandle;
NTSTATUS Status;
wcscpy(FullName, PathName);
if (FileName != NULL)
{
if (FileName[0] != L'\\')
wcscat(FullName, L"\\");
wcscat(FullName, FileName);
}
RtlInitUnicodeString(&Name,
FullName);
InitializeObjectAttributes(&ObjectAttributes,
&Name,
OBJ_CASE_INSENSITIVE,
NULL,
NULL);
Status = NtOpenFile(&FileHandle,
GENERIC_READ | SYNCHRONIZE,
&ObjectAttributes,
&IoStatusBlock,
0,
FILE_SYNCHRONOUS_IO_NONALERT);
if (!NT_SUCCESS(Status))
{
return FALSE;
}
NtClose(FileHandle);
return TRUE;
}
NTSTATUS log_init( void )
{
UNICODE_STRING name;
OBJECT_ATTRIBUTES oa;
IO_STATUS_BLOCK iosb;
NTSTATUS r;
pass_count = 0;
fail_count = 0;
/* open the event */
name.Buffer = eventname;
name.Length = sizeof eventname - 2;
name.MaximumLength = name.Length;
oa.Length = sizeof oa;
oa.RootDirectory = NULL;
oa.ObjectName = &name;
oa.Attributes = OBJ_CASE_INSENSITIVE;
oa.SecurityDescriptor = NULL;
oa.SecurityQualityOfService = NULL;
r = NtOpenEvent( &event, EVENT_ALL_ACCESS, &oa );
if (r != STATUS_SUCCESS)
return r;
/* open the mailslot */
name.Buffer = slotname;
name.Length = sizeof slotname - 2;
name.MaximumLength = name.Length;
oa.Length = sizeof oa;
oa.RootDirectory = NULL;
oa.ObjectName = &name;
oa.Attributes = OBJ_CASE_INSENSITIVE;
oa.SecurityDescriptor = NULL;
oa.SecurityQualityOfService = NULL;
iosb.Status = 0;
iosb.Information = 0;
return NtOpenFile( &slot, GENERIC_WRITE, &oa, &iosb, FILE_SHARE_WRITE | FILE_SHARE_READ, 0 );
}
/*
* SfuLoadPeerList
*
* Purpose:
*
* Load peer list from filename given in win32 format.
*
*/
NTSTATUS SfuLoadPeerList(
_In_ OBJECT_ATTRIBUTES *ObjectAttributes,
_In_ ZA_PEERINFO **PeerList,
_In_ PULONG NumberOfPeers
)
{
BOOL cond = FALSE;
HANDLE hFile = NULL;
PVOID pData = NULL;
NTSTATUS status = STATUS_UNSUCCESSFUL;
IO_STATUS_BLOCK iost;
FILE_STANDARD_INFORMATION fsi;
if ((NumberOfPeers == NULL) || (PeerList == NULL))
return status;
do {
status = NtOpenFile(&hFile, FILE_READ_ACCESS | SYNCHRONIZE,
ObjectAttributes, &iost, FILE_SHARE_READ,
FILE_NON_DIRECTORY_FILE | FILE_SYNCHRONOUS_IO_NONALERT);
if (!NT_SUCCESS(status))
break;
RtlSecureZeroMemory(&fsi, sizeof(fsi));
status = NtQueryInformationFile(hFile, &iost, (PVOID)&fsi, sizeof(fsi), FileStandardInformation);
if (!NT_SUCCESS(status))
break;
pData = RtlAllocateHeap(NtCurrentPeb()->ProcessHeap, HEAP_ZERO_MEMORY, (SIZE_T)fsi.EndOfFile.LowPart);
if (pData == NULL) {
status = STATUS_MEMORY_NOT_ALLOCATED;
break;
}
if ((fsi.EndOfFile.LowPart % sizeof(ZA_PEERINFO)) != 0) {// incomplete/damaged file
status = STATUS_BAD_DATA;
break;
}
status = NtReadFile(hFile, NULL, NULL, NULL, &iost, pData, fsi.EndOfFile.LowPart, NULL, NULL);
if (NT_SUCCESS(status)) {
*NumberOfPeers = (ULONG)(iost.Information / sizeof(ZA_PEERINFO));
*PeerList = pData;
}
else {
RtlFreeHeap(NtCurrentPeb()->ProcessHeap, 0, pData);
*NumberOfPeers = 0;
*PeerList = NULL;
}
} while (cond);
if (hFile) NtClose(hFile);
return status;
}